When translating the second frame of a write crossing a page boundary, mask
the linear address down to the page boundary.
This causes the correct %cr2 being reported to the guest in the case that the
second frame suffers a pagefault during translation.
Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
---
CC: Jan Beulich <jbeul...@suse.com>
CC: Tim Deegan <t...@xen.org>
v2:
* New
---
xen/arch/x86/mm/shadow/common.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c
index ced2313..7e5b8b0 100644
--- a/xen/arch/x86/mm/shadow/common.c
+++ b/xen/arch/x86/mm/shadow/common.c
@@ -1808,7 +1808,8 @@ void *sh_emulate_map_dest(struct vcpu *v, unsigned long
vaddr,
else
{
/* This write crosses a page boundary. Translate the second page. */
- sh_ctxt->mfn[1] = emulate_gva_to_mfn(v, vaddr + bytes - 1, sh_ctxt);
+ sh_ctxt->mfn[1] = emulate_gva_to_mfn(
+ v, (vaddr + bytes - 1) & PAGE_MASK, sh_ctxt);
if ( !mfn_valid(sh_ctxt->mfn[1]) )
return ((mfn_x(sh_ctxt->mfn[1]) == BAD_GVA_TO_GFN) ?
MAPPING_EXCEPTION :
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
